This policy defines our process for what we do in such an event, whether the vulnerability was discovered as part of a client engagement or for our own research.
The disclosure of vulnerabilities to the vendor follows our coordinated disclosure process, which is detailed here. Advisories related to issues we have discovered are also detailed below.
Whilst 90 days is now the industry standard for a fixed disclosure period, we understand that this isn’t always an achievable amount of time to develop and distribute a patch, and are happy to work with vendors to appropriately manage the disclosure.
We’re on hand to answer any questions you might have about the Cyber Lab or the research we’re doing.
Leave your details below and we’ll be in touch.